php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #25454 ldap_bind produces an assertion error in cyrus.c
Submitted: 2003-09-09 12:02 UTC Modified: 2003-09-11 05:10 UTC
From: rolli at aum dot unibe dot ch Assigned:
Status: Not a bug Package: LDAP related
PHP Version: 4.3.3 OS: Linux-2.4
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2003-09-09 12:02 UTC] rolli at aum dot unibe dot ch 
Description:
------------
When using ldap_bind() nothing happens as script execution stops immediatly. Verifying the script with CLI there's an assertion error in cyrus.c
The problem seems to be related to cyrus.c working with a cyrus-sasl-2.1x.

Checked the following:
Server 1: php-4.3.3 with cyrus-sasl-1.5.24 works
Server 2: php-4.3.3 with cyrus-sasl2-2.1.12 doesn't work

Both Servers compiled wiht:
'./configure' '--prefix=/usr/share' '--datadir=/usr/share/php' '--bindir=/usr/bin' '--libdir=/usr/share' '--includedir=/usr/include' '--with-_lib=lib' '--with-config-file-path=/etc' '--with-exec-dir=/usr/lib/php/bin' '--disable-debug' '--enable-bcmath' '--enable-calendar' '--enable-ctype' '--enable-dbase' '--enable-discard-path' '--enable-exif' '--enable-filepro' '--enable-ftp' '--enable-gd-imgstrttf' '--enable-gd-native-ttf' '--enable-inline-optimization' '--enable-magic-quotes' '--enable-mbstr-enc-trans' '--enable-mbstring' '--enable-mbregex' '--enable-memory-limit' '--enable-safe-mode' '--enable-shmop' '--enable-sigchild' '--enable-sysvsem' '--enable-sysvshm' '--enable-track-vars' '--enable-trans-sid' '--enable-versioning' '--enable-wddx' '--enable-yp' '--with-bz2' '--with-curl' '--with-dom=/usr/include/libxml2' '--with-ftp' '--with-gdbm' '--with-gettext' '--with-gmp' '--with-imap=yes' '--with-imap-ssl' '--with-imagick=/usr' '--with-openssl' '--with-iodbc' '--with-java=/usr/lib/SunJava2-1.4.1' '--with-jpeg-dir=/usr' '--with-ldap=yes' '--with-mcal=/usr' '--with-mcrypt' '--with-mnogosearch=/usr/local/mnogosearch' '--with-mysql=/usr' '--with-ndbm' '--with-pgsql=shared' '--with-png-dir=/usr' '--with-readline' '--with-snmp' '--with-t1lib' '--with-tiff-dir=/usr' '--with-ttf' '--with-freetype-dir=yes' '--with-xml' '--with-xmlrpc' '--with-dom-xslt=/usr' '--with-dom-exslt=/usr' '--with-xpm-dir=/usr/X11R6' '--with-zlib=yes' '--with-gd' '--enable-xslt' '--with-xslt-sablot' '--with-iconv' '--with-mm' '--with-pdflib=/usr' '--with-apxs=/usr/sbin/apxs' 

Reproduce code:
---------------
<?php
error_reporting(E_ALL);
echo "Connecting ...";
$ldapconn=ldap_connect("ldaps://id-auth01.unibe.ch, ldaps://id-auth02.unibe.ch","636");
if (is_resource($ldapconn)) { 
    echo "Binding ...";
    $ldapbind = ldap_bind($ldapconn);
    // verify binding
    if ($ldapbind) {
        echo "LDAP bind successful...";
    } else {
        echo "LDAP bind failed...";
    }
} 
ldap_close($ldapconn);
?>

Expected result:
----------------
I should see a pretty "LDAP bind successful". Acutally works on Server 1 with cyrus-sasl-1.5.24.

Actual result:
--------------
#mr@linux: php ldap.php
php: cyrus.c:469: ldap_int_sasl_open: Assertion `lc->lconn_sasl_ctx == ((void *)0)' failed.
Aborted

Then tested with above script and only one ldap-server in ldap_connect() leads to
Warning: ldap_bind():  Unable to bind to server: Can't contact LDAP server in
on Server 2, but works perfectly on Server 1.

So could it be ext/cyrus not compatible with cyrus-sasl2-2.1.12?

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-09-09 13:06 UTC] sniper@php.net 
First of all: Does this work with the openldap binaries, e.g.
ldapsearch ??
 [2003-09-09 13:09 UTC] sniper@php.net 
And where does it say that you can use multiple hosts in one connect? (FYI: This has absolutely NOTHING to do with ext/cyrus)
 [2003-09-09 13:15 UTC] sniper@php.net 
Nevermind the last comment, ldap_initialize() is just undocumented..had to read openldap sources a bit. :)
 [2003-09-09 15:35 UTC] sniper@php.net 
I tested your script and for me it just hangs in 'Binding..'.
No assert error here. Did you recompile openldap after upgrading cyrus-sasl?
 [2003-09-10 03:45 UTC] rolli at aum dot unibe dot ch 
Actually it's an SuSE 8.2. All installed software packages are original SuSE rpms. The only thing I compile for myself is PHP and the related packages like pdflib, mnogosearch, imagick.
 [2003-09-10 09:08 UTC] sniper@php.net 
So do the openldap binaries work or not???
I'm pretty sure this is not PHP bug at all as I could not 
reproduce this.
 [2003-09-11 02:33 UTC] rolli at aum dot unibe dot ch 
I have to apologize for this bug report.
Everything is fine with PHP and ext/ldap and ext/cyrus.

Sniper, you're right. The Problem was elsewhere. After diving deeper I realized that the sysadmin of the ldap-server has changed the certificates one day before I restarted with the project.
Actually, with the binaries I got this:

ldap_start_tls: Can't contact LDAP server (81)
        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE

The certifactes are signed by selfsigned CA-Cert. So I fetched the CA-Cert and put it in /etc/openldap/ldap.conf. Now everything works again.

But I'm wondering cause on the other server there is a 2.0.x OpenLDAP-Client and this one doesn't complain about the cert.

Anyway the correct place for my problem would have been the mailing list. Sorry again. I closed the bug.

Regards
Michael
 [2003-09-11 05:10 UTC] magnus@php.net 
Not a bug => Bogus
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 26 11:01:31 2024 UTC